About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion




  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


No-one should think this stuff is easy

By Dave Birch posted Aug 25 2009 at 5:38 PM

[Dave Birch] I've repeatedly said that I want the laws of mathematics and physics to protect my personal data, not to rely on the laws of the UK (or anywhere else). This is for two reasons. For one thing, I'm not confident that the people making the laws know what they're doing (they tend to be lawyers and politicians rather than engineers or scientists). For another thing, there's no reason to expect that the cold, hard distinction between 1s and 0s that builds the virtual world is suitable to manage the ambiguities of the legal world. Thus, even if a law is set out correctly, that doesn't mean that it will never be replaced or altered in a perverse way. The oldest law still on the books in our United Kingdom is the Distress Act of 1267 (which outlawed private feuds, forcing people to go to court for redress in civil disputes) but not many laws have made it through eight centuries. Things change. But even if the law is right and on the books, that doesn't mean it will be interpreted as intended. At the eema European eIdentity conference, I noticed that the Chief Privacy Officer for the Department of Homeland Security referred to the US Privacy Act of 1974 as one of the inputs to their policy. But,

The Privacy Act of 1974—the law designed to protect your rights as the government collects, uses, and shares your data—fails to consistently protect citizens’ privacy because circuit courts disagree on how to interpret its language.

[From PolicyBeta - Blog Archive - A Remedy for Every Wrong? Why We Need a Consistent Privacy Act]

This illustrates my point. My personal data should be protected by cryptography, not by the vagaries of judicial interpretation.

The idea that cryptography rather than good intentions should be the source of public confidence in a system handling personal data is central to what I've taken to calling Post-Modern Privacy (or PMP). But it's not just that cryptography should be used, it's that it should be open. The security of personal data should be based on the security of keys, not on secrecy or proprietary technology. The specifications for a national ID card, for example, should be published, open and subject to peer review and revision: that's the way to generate confidence in a scheme, not meaningless, soothing waffle from politicians.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public

